charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

charm/schemes/pksig/pksig_chp.py

@@ -0,0 +1,70 @@
+'''
+**Camenisch-Hohenberger-Pedersen Signature (CHP07)**
+
+*Authors:* J. Camenisch, S. Hohenberger, M. Pedersen
+
+| **Title:** "Batch Verification of Short Signatures"
+| **Published in:** EUROCRYPT, 2007
+| **Available from:** http://eprint.iacr.org/2007/172.pdf
+| **Notes:**
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** CDH
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2011
+'''
+from charm.toolbox.pairinggroup import G1,G2,ZR,pair
+from charm.toolbox.PKSig import PKSig
+
+debug = False
+
+class CHP(PKSig):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup   
+    >>> group = PairingGroup('SS512')
+    >>> chp = CHP(group)
+    >>> master_public_key = chp.setup()
+    >>> (public_key, secret_key) = chp.keygen(master_public_key) 
+    >>> msg = { 't1':'time_1', 't2':'time_2', 't3':'time_3', 'str':'this is the message'}
+    >>> signature = chp.sign(public_key, secret_key, msg)
+    >>> chp.verify(master_public_key, public_key, msg, signature)
+    True
+    """
+    def __init__(self, groupObj):
+        global group, H
+        group = groupObj
+        
+    def setup(self):
+        global H,H3
+        H = lambda prefix,x: group.hash((str(prefix), str(x)), G1)
+        H3 = lambda a,b: group.hash(('3', str(a), str(b)), ZR)
+        g = group.random(G2) 
+        return { 'g' : g }
+    
+    def keygen(self, mpk):
+        alpha = group.random(ZR)
+        sk = alpha
+        pk = mpk['g'] ** alpha
+        return (pk, sk)
+    
+    def sign(self, pk, sk, M):
+        a = H(1, M['t1'])
+        h = H(2, M['t2'])
+        b = H3(M['str'], M['t3'])
+        sig = (a ** sk) * (h ** (sk * b))        
+        return sig
+    
+    def verify(self, mpk, pk, M, sig):
+        a = H(1, M['t1'])
+        h = H(2, M['t2'])
+        b = H3(M['str'], M['t3'])
+        if pair(sig, mpk['g']) == (pair(a, pk) * (pair(h, pk) ** b)):
+            return True
+        return False
+

charm/schemes/pksig/pksig_cl03.py

@@ -0,0 +1,150 @@
+'''
+**Camenisch-Lysyanskaya Signature (CL03)**
+
+*Authors:* J. Camenisch, A. Lysyanskaya
+
+| **Title:** "A Signature Scheme with Efficient Protocols"
+| **Published in:** SCN, 2003
+| **Available from:** http://cs.brown.edu/~anna/papers/camlys02b.pdf
+| **Notes:** Schemes 2.2 (on page 4) and 4 (on page 8).
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** integer groups
+* **Assumption:** Strong RSA
+
+.. rubric:: Implementation
+
+:Authors: Christina Garman, Antonio de la Piedra
+:Date: 11/2013
+'''
+from charm.toolbox.PKSig import PKSig
+from charm.core.math.integer import integer,isPrime,random,randomPrime,randomBits
+import hashlib
+
+def SHA1(bytes1):
+    s1 = hashlib.new('sha256')
+    s1.update(bytes1)
+    return s1.digest()
+
+def randomQR(n):
+    return random(n) ** 2
+
+debug=False
+class Sig_CL03(PKSig):
+    """
+    >>> pksig = Sig_CL03() 
+    >>> p = integer(21281327767482252741932894893985715222965623124768085901716557791820905647984944443933101657552322341359898014680608292582311911954091137905079983298534519)
+    >>> q = integer(25806791860198780216123533220157510131833627659100364815258741328806284055493647951841418122944864389129382151632630375439181728665686745203837140362092027)
+    >>> (public_key, secret_key) = pksig.keygen(1024, p, q)
+    >>> msg = integer(SHA1(b'This is the message I want to hash.'))
+    >>> signature = pksig.sign(public_key, secret_key, msg)
+    >>> pksig.verify(public_key, msg, signature)
+    True
+    >>> from charm.toolbox.conversion import Conversion
+    >>> g  = {}
+    >>> m = {}
+    >>> j = 16
+    >>> for i in range(1, j + 1): g[str(i)] = randomQR(public_key['N'])
+    >>> for i in range(1, j + 1): m[str(i)] = integer(SHA1(Conversion.IP2OS(random(public_key['N']))))
+    >>> Cx = 1 % public_key['N']
+    >>> for i in range(1, len(m) + 1): Cx = Cx*(g[str(i)] ** m[str(i)])
+    >>> pksig = Sig_CL03() 
+    >>> p = integer(21281327767482252741932894893985715222965623124768085901716557791820905647984944443933101657552322341359898014680608292582311911954091137905079983298534519)
+    >>> q = integer(25806791860198780216123533220157510131833627659100364815258741328806284055493647951841418122944864389129382151632630375439181728665686745203837140362092027)
+    >>> (public_key, secret_key) = pksig.keygen(1024, p, q)
+    >>> signature = pksig.signCommit(public_key, secret_key, Cx)
+    >>> pksig.verifyCommit(public_key, signature, Cx)
+    True
+    """
+    def __init__(self, lmin=160, lin=160, secparam=512):
+        global ln, lm, le, l
+        ln = 2 * secparam
+        lm = lmin
+        le = lm + 2
+        l = lin
+        
+    def keygen(self, secparam=512, p=0, q=0):
+        if(p == 0):
+            pprime = randomPrime(secparam)
+            while(not isPrime(2*pprime + 1)):
+                pprime = randomPrime(secparam)
+            p = 2 * pprime + 1
+            print(p)
+
+        if(q == 0):
+            qprime = randomPrime(secparam)
+            while(not isPrime(2*qprime + 1)):
+                qprime = randomPrime(secparam)
+            q = 2 * qprime + 1
+            print(q)
+
+        N = p * q
+
+        a = randomQR(N)
+        b = randomQR(N)
+        c = randomQR(N)
+
+        pk = { 'N':N, 'a':a, 'b':b, 'c':c }
+        sk = { 'p':p, 'q':q }
+
+        return (pk, sk)
+    
+    def sign(self, pk, sk, m):
+        e = randomPrime(le)
+
+        ls = ln + lm + l
+        s = integer(randomBits(ls))
+
+        phi_N = (sk['p']-1)*(sk['q']-1)
+        e2 = e % phi_N
+    
+        v = (((pk['a'] ** m)*(pk['b'] ** s)*pk['c']) ** (e2 ** -1)) % pk['N']
+
+        sig = { 'e':e, 's':s, 'v':v }
+
+        return sig
+
+    def signCommit(self, pk, sk, Cx):
+        e = randomPrime(le)
+
+        ls = ln + lm + l
+        rprime = integer(randomBits(ls))
+
+        phi_N = (sk['p']-1)*(sk['q']-1)
+        e2 = e % phi_N
+    
+        v = (((Cx)*(pk['b'] ** rprime)*pk['c']) ** (e2 ** -1)) % pk['N']
+
+        sig = { 'e':e, 'rprime':rprime, 'v':v }
+
+        return sig
+
+    def verify(self, pk, m, sig):
+        if debug: print("\nVERIFY\n\n")
+
+        lhs = (sig['v'] ** sig['e']) % pk['N']
+        rhs = ((pk['a'] ** m)*(pk['b'] ** sig['s'])*pk['c']) % pk['N']
+        
+        if (sig['e'] <= 2**(le - 1) or sig['e'] >= 2**(le)):
+            return False
+
+        if(lhs == rhs):
+            return True
+
+        return False
+
+    def verifyCommit(self, pk, sig, Cx):
+        if debug: print("\nVERIFY\n\n")
+
+        lhs = (sig['v'] ** sig['e']) % pk['N']
+        rhs = (Cx*(pk['b'] ** sig['rprime'])*pk['c']) % pk['N']
+
+        if (sig['e'] <= 2**(le - 1)):
+            return False
+
+        if(lhs == rhs):
+            return True
+
+        return False

charm/schemes/pksig/pksig_cl04.py

@@ -0,0 +1,87 @@
+'''
+**Camenisch-Lysyanskaya Signature (CL04)**
+
+*Authors:* J. Camenisch, A. Lysyanskaya
+
+| **Title:** "Signature Schemes and Anonymous Credentials from Bilinear Maps"
+| **Published in:** CRYPTO, 2004
+| **Available from:** http://www.cs.brown.edu/~anna/papers/cl04.pdf
+| **Notes:** Scheme A on page 5, section 3.1.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** LRSW
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 1/2012
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,pair
+from charm.toolbox.PKSig import PKSig
+
+debug = False
+class CL04(PKSig):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup
+    >>> group = PairingGroup('MNT224')
+    >>> cl = CL04(group)
+    >>> master_public_key = cl.setup()
+    >>> (public_key, secret_key) = cl.keygen(master_public_key)
+    >>> msg = "Please sign this stupid message!"
+    >>> signature = cl.sign(public_key, secret_key, msg)
+    >>> cl.verify(public_key, msg, signature)
+    True
+    """
+    def __init__(self, groupObj):
+        global group
+        group = groupObj
+        
+    def setup(self):
+        g = group.random(G1)
+        return { 'g': g }
+        
+    def keygen(self, mpk):
+        x, y = group.random(ZR), group.random(ZR)
+        sk = { 'x':x, 'y':y }
+        pk = { 'X':mpk['g'] ** x, 'Y': mpk['g'] ** y, 'g':mpk['g'] }        
+        return (pk, sk)
+    
+    def sign(self, pk, sk, M):
+        a = group.random(G2)
+        m = group.hash(M, ZR)
+        sig = {'a':a, 'a_y':a ** sk['y'], 'a_xy':a ** (sk['x'] + (m * sk['x'] * sk['y'])) }
+        return sig
+    
+    def verify(self, pk, M, sig):
+        (a, b, c) = sig['a'], sig['a_y'], sig['a_xy']
+        m = group.hash(M, ZR)
+        if pair(pk['Y'], a) == pair(pk['g'], b) and (pair(pk['X'], a) * (pair(pk['X'], b) ** m)) == pair(pk['g'], c):
+            return True
+        return False
+    
+def main():
+    grp = PairingGroup('MNT224')
+    cl = CL04(grp)
+    
+    mpk = cl.setup()
+    
+    (pk, sk) = cl.keygen(mpk)
+    if debug:
+        print("Keygen...")
+        print("pk :=", pk)
+        print("sk :=", sk)
+    
+    M = "Please sign this stupid message!"
+    sig = cl.sign(pk, sk, M)
+    if debug: print("Signature: ", sig)
+    
+    result = cl.verify(pk, M, sig)
+    assert result, "INVALID signature!"
+    if debug: print("Successful Verification!!!")
+    
+if __name__ == "__main__":
+    debug = True
+    main()

charm/schemes/pksig/pksig_cllww12_z.py

@@ -0,0 +1,142 @@
+'''
+**Chen-Lim-Ling-Wang-Wee Signature (CLLWW12)**
+
+*Authors:* J. Chen, H. Lim, S. Ling, H. Wang, H. Wee
+
+| **Title:** "Shorter IBE and Signatures via Asymmetric Pairings"
+| **Published in:** Pairing, 2012
+| **Available from:** http://eprint.iacr.org/2012/224
+| **Notes:** Section 5. Shorter IBE construction based on SXDH.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** SXDH
+
+.. rubric:: Implementation
+
+:Authors: Fan Zhang (zfwise@gwu.edu)
+:Date: 3/2013
+:Notes: Swapped g1 and g2 to make signature faster. Optimized pairing operations.
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.core.crypto.cryptobase import *
+from charm.toolbox.PKSig import PKSig
+from charm.toolbox.matrixops import *
+
+debug = False
+class Sign_Chen12_z(PKSig):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup
+    >>> groupObj = PairingGroup('MNT224')
+    >>> m = "plese sign this message!!!!"
+    >>> cllww = Sign_Chen12_z(groupObj)
+    >>> (pk, sk) = cllww.keygen()
+    >>> signature = cllww.sign(pk, sk, m)
+    >>> cllww.verify(pk, signature, m) 
+    True
+    """
+    def __init__(self, groupObj):
+        PKSig.__init__(self)
+        #IBEnc.setProperty(self, message_space=[GT, 'KEM'], secdef='IND_sID_CPA', assumption='DBDH', secmodel='ROM', other={'id':ZR})
+        global group
+        group = groupObj
+        
+    def keygen(self):
+        g2 = group.random(G1)
+        g1 = group.random(G2)
+        alpha = group.random(ZR)
+
+        #generate the 4*4 dual pairing vector spaces.
+        d11, d12, d13, d14 = group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR)
+        d21, d22, d23, d24 = group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR)
+        d31, d32, d33, d34 = group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR)
+        d41, d42, d43, d44 = group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR)
+        D11, D12, D13, D14 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D21, D22, D23, D24 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D31, D32, D33, D34 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D41, D42, D43, D44 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+
+        one = group.random(ZR)
+        
+        [D11, D12, D13, D14] = GaussEliminationinGroups([[d11, d12, d13, d14, one],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D21, D22, D23, D24] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, one],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D31, D32, D33, D34] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, one],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D41, D42, D43, D44] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, one]])
+        
+
+        #generate public parameters.
+        #PP2 = (pair(g1, g2))**(alpha*one)
+        PP2 = (pair(g2, g1))**(alpha*one)
+        gd11 = g1**d11
+        gd12 = g1**d12
+        gd13 = g1**d13
+        gd14 = g1**d14
+        gd21 = g1**d21
+        gd22 = g1**d22
+        gd23 = g1**d23
+        gd24 = g1**d24
+        pk = { 'PP2':PP2, 'gd11':gd11, 'gd12':gd12, 'gd13':gd13, 'gd14':gd14,
+               'gd21':gd21, 'gd22':gd22, 'gd23':gd23, 'gd24':gd24 }
+        #generate private parameters
+
+        sk = {'alpha': alpha, 'g2':g2,
+               'D11':D11, 'D12':D12, 'D13':D13, 'D14':D14,
+               'D21':D21, 'D22':D22, 'D23':D23, 'D24':D24}
+
+        if(debug):
+            print("Public parameters...")
+            group.debug(pk)
+            print("Secret parameters...")
+            group.debug(sk)
+        return (pk, sk)
+
+    def sign(self, pk, sk, m):
+        r = group.random(ZR)
+        M = group.hash(m)
+        s1 = sk['g2']**((sk['alpha']+ r * M) * sk['D11'] - r * sk['D21'])
+        s2 = sk['g2']**((sk['alpha']+ r * M) * sk['D12'] - r * sk['D22'])
+        s3 = sk['g2']**((sk['alpha']+ r * M) * sk['D13'] - r * sk['D23'])
+        s4 = sk['g2']**((sk['alpha']+ r * M) * sk['D14'] - r * sk['D24'])
+        
+        signature = { 's1':s1, 's2':s2, 's3':s3, 's4':s4 }
+        return signature
+        
+    def verify(self, pk, sig, m):
+        M = group.hash(m)
+        if pk['PP2'] == (pair(sig['s1'],pk['gd11']*(pk['gd21']**M)) *
+                         pair(sig['s2'],pk['gd12']*(pk['gd22']**M)) *
+                         pair(sig['s3'],pk['gd13']*(pk['gd23']**M)) *
+                         pair(sig['s4'],pk['gd14']*(pk['gd24']**M)) ):
+            return True
+        return False
+    
+
+def main():
+    groupObj = PairingGroup('MNT224')
+    m = "plese sign this message!!!!"
+    cllww = Sign_Chen12_z(groupObj)
+    (pk, sk) = cllww.keygen()
+    signature = cllww.sign(pk, sk, m)
+    
+    if debug: print("Signature :=", signature)
+
+    assert cllww.verify(pk, signature, m), "Invalid Verification!!!!"
+    if debug: print("Successful Individual Verification!")
+    
+if __name__ == "__main__":
+    debug = True
+    main()

charm/schemes/pksig/pksig_cyh.py

@@ -0,0 +1,132 @@
+'''
+**Chow-Yiu-Hui Identity-Based Ring Signature (CYH05)**
+
+*Authors:* S. Chow, S. Yiu, L. Hui
+
+| **Title:** "Efficient Identity Based Ring Signature"
+| **Published in:** ACNS, 2005
+| **Available from:** LNCS Vol. 3531, pages 499-512
+| **Notes:**
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (ring-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** CDH
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2011
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,pair
+from charm.toolbox.PKSig import PKSig
+from charm.toolbox.iterate import dotprod
+
+debug = False
+
+class CYH(PKSig):
+    """
+
+    >>> from charm.toolbox.pairinggroup import PairingGroup
+    >>> users = [ "alice", "bob", "carlos", "dexter", "eddie"] 
+    >>> signer = "bob"
+    >>> group = PairingGroup('SS512')
+    >>> cyh = CYH(group)
+    >>> (master_public_key, master_secret_key) = cyh.setup()
+    >>> (signer, public_key, secret_key) = cyh.keygen(master_secret_key, signer)  
+    >>> secret_key = (signer, public_key, secret_key)
+    >>> msg = 'please sign this new message!'
+    >>> signature = cyh.sign(secret_key, users, msg)
+    >>> cyh.verify(master_public_key, users, msg, signature)
+    True
+    """
+    def __init__(self, groupObj):
+        global group
+        group = groupObj
+    
+    def concat(self, L_id):
+        result = ""
+        for i in L_id:
+            result += ":"+i 
+        return result
+
+    def setup(self):
+        global H1,H2,lam_func
+        H1 = lambda x: group.hash(('1', str(x)), G1)
+        H2 = lambda a, b, c: group.hash(('2', a, b, c), ZR)
+        lam_func = lambda i,a,b,c: a[i] * (b[i] ** c[i]) # => u * (pk ** h) for all signers
+        g, alpha = group.random(G2), group.random(ZR)
+        P = g ** alpha
+        msk = alpha
+        mpk = {'Pub':P, 'g':g }
+        return (mpk, msk) 
+    
+    def keygen(self, msk, ID):
+        sk = H1(ID) ** msk
+        pk = H1(ID)
+        return (ID, pk, sk)
+    
+    def sign(self, sk, L, M):
+        (IDs, IDpk, IDsk) = sk
+        assert IDs in L, "signer should be an element in L"
+        Lt = self.concat(L) 
+        num_signers = len(L)
+ 
+        u = [1 for i in range(num_signers)]
+        h = [group.init(ZR, 1) for i in range(num_signers)]
+        for i in range(num_signers):
+            if IDs != L[i]:
+               u[i] = group.random(G1)
+               h[i] = H2(M, Lt, u[i])
+            else:
+               s = i
+        
+        r = group.random(ZR)
+        pk = [ H1(i) for i in L] # get all signers pub keys
+        u[s] = (IDpk ** r) * (dotprod(1, s, num_signers, lam_func, u, pk, h) ** -1)
+        h[s] = H2(M, Lt, u[s])
+        S = IDsk ** (h[s] + r)
+        sig = { 'u':u, 'S':S }
+        return sig
+    
+    def verify(self, mpk, L, M, sig):
+        u, S = sig['u'], sig['S']
+        Lt = self.concat(L) 
+        num_signers = len(L)
+        h = [group.init(ZR, 1) for i in range(num_signers)]
+        for i in range(num_signers):
+            h[i] = H2(M, Lt, u[i])
+
+        pk = [ H1(i) for i in L] # get all signers pub keys
+        result = dotprod(1, -1, num_signers, lam_func, u, pk, h) 
+        if pair(result, mpk['Pub']) == pair(S, mpk['g']):
+            return True
+        return False
+
+
+def main():
+   L = [ "alice", "bob", "carlos", "dexter", "eddie"] 
+   ID = "bob"
+   groupObj = PairingGroup('SS512')
+   cyh = CYH(groupObj)
+   (mpk, msk) = cyh.setup()
+
+   (ID, Pk, Sk) = cyh.keygen(msk, ID)  
+   sk = (ID, Pk, Sk)
+   if debug:
+    print("Keygen...")
+    print("sk =>", sk)
+  
+   M = 'please sign this new message!'
+   sig = cyh.sign(sk, L, M)
+   if debug:
+    print("Signature...")
+    print("sig =>", sig)
+
+   assert cyh.verify(mpk, L, M, sig), "invalid signature!"
+   if debug: print("Verification successful!")
+
+if __name__ == "__main__":
+    debug = True
+    main()

charm/schemes/pksig/pksig_dsa.py

@@ -0,0 +1,76 @@
+'''
+**Digital Signature Algorithm (DSA)**
+
+*Authors:* NIST
+
+| **Title:** "Digital Signature Standard (DSS)"
+| **Published in:** FIPS 186, 1994
+| **Available from:** https://csrc.nist.gov/publications/detail/fips/186/4/final
+| **Notes:** Originally proposed by NIST in August 1991.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** integer groups
+* **Assumption:** Discrete Logarithm
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 5/2011
+'''
+
+from charm.toolbox.integergroup import IntegerGroupQ
+from charm.toolbox.PKSig import PKSig
+
+debug = False
+class DSA(PKSig):
+    """
+    >>> from charm.core.math.integer import integer
+    >>> p = integer(156053402631691285300957066846581395905893621007563090607988086498527791650834395958624527746916581251903190331297268907675919283232442999706619659475326192111220545726433895802392432934926242553363253333261282122117343404703514696108330984423475697798156574052962658373571332699002716083130212467463571362679)
+    >>> q = integer(78026701315845642650478533423290697952946810503781545303994043249263895825417197979312263873458290625951595165648634453837959641616221499853309829737663096055610272863216947901196216467463121276681626666630641061058671702351757348054165492211737848899078287026481329186785666349501358041565106233731785681339)    
+    >>> dsa = DSA(p, q)
+    >>> (public_key, secret_key) = dsa.keygen(1024)
+    >>> msg = "hello world test message!!!"
+    >>> signature = dsa.sign(public_key, secret_key, msg)
+    >>> dsa.verify(public_key, signature, msg)
+    True
+    """
+    def __init__(self, p=0, q=0):
+        global group
+        group = IntegerGroupQ()
+        group.p, group.q, group.r = p, q, 2
+        
+    def keygen(self, bits):
+        if group.p == 0 or group.q == 0:
+            group.paramgen(bits)
+        global p,q
+        p,q = group.p, group.q 
+        x = group.random()
+        g = group.randomGen()
+        y = (g ** x) % p
+        return ({'g':g, 'y':y}, x)
+    
+    def sign(self, pk, x, M):
+        while True:
+            k = group.random()
+            r = (pk['g'] ** k) % q
+            s = (k ** -1) * ((group.hash(M) + x*r) % q)
+            if (r == 0 or s == 0):
+                print("unlikely error r = %s, s = %s" % (r,s))
+                continue
+            else:
+                break
+        return { 'r':r, 's':s }
+        
+    def verify(self, pk, sig, M):
+        w = (sig['s'] ** -1) % q
+        u1 = (group.hash(M) * w) % q
+        u2 = (sig['r'] * w) % q
+        v = ((pk['g'] ** u1) * (pk['y'] ** u2)) % p
+        v %= q   
+        if v == sig['r']:
+            return True
+        else:
+            return False
+